Spyware - Exposing and Removing Spy

How to Remove Spyware Correctly

By: Michael Goodwin, Lead Computer Technician

Virus and Spyware Removal @ Gadget Grave

In our previous computer spyware removal article we just touched on what spyware is, how risky it can be, and explained a few symptoms. In this article we are going to go over some tips for removing spyware from your system properly.

“Why do you say properly?” That’s a very good question. I say “properly” because spyware is a nuisance precisely because it can be tricky to remove. Have you ever spilled juice on your carpet and scrubbed and scrubbed… and scrubbed until the white was white again, not purple, only to see after an hour of drying that it still had a purple hue to it? Well, think of spyware the same way. If the computer isn’t prepped properly, and the scans and removal aren’t done properly, the spyware will seem to be gone but after some time it will show back up.

Spyware is notorious for duplicating. You may remove the file ‘thisisspyware.exe’ but the file ‘thisisspyware2.exe’ is hiding somewhere else, waiting for you to remove his brother and then duplicate. So it’s a kind of built-in survival instinct. The stain will seem clean and gone but after some time you notice traces of it are still there.

First we’re going to go over some of the common mistakes of spyware removal the average user makes. Then we’ll explain how to correct these little mistakes to make you a spyware-killing guru. So let’s get right to it and go over the list of common mistakes made, and if you are reading this and say “dang, that’s what I do!”, don’t worry. We all make mistakes, and the fact that you’re reading this now is a +1.

  1. Running a spyware scan in normal Windows and also doing the removal in normal Windows.
    1. If you were looking closely you noticed the word ‘normal’. The reason is that there are two bootable options for Windows. One is normal, the one you boot to every time you start your computer, and the other is “Safe Mode”. When you take your computer to a repair shop they will run the same scans you do and the same removals (excluding some special tools), but it will be done in Safe Mode. This is done because in Safe Mode Windows loads MINIMAL software and drivers. So even if the brother of the spyware is hiding it can still be removed.
  2. Leaving system restore active
    1. It’s always best to turn System Restore off while doing a spyware removal because while it’s active it’s just one more place for the duplicator to hide. When you remove the spyware from your system, the restore points are usually left untouched by scans. This of course is a small risk because you will lose any previous restore points, but ask yourself when the last time was that you actually needed to use a Windows restore point. So be sure to turn it off, wipe out any previous restore points, and just turn it back on once you know your computer is clean again.
  3. Backing up files before cleaning
    1. None of us want to lose files. I feel ya! So sometimes people will copy all their baby pics to a flash drive or something before doing full scans and removal just to be safe. I’m not going to say this is a bad thing but it can be risky and counter-productive. It’s always great to be safe and not be sorry, just be sure if you do this to run an individual scan on the flash drive you copied the files to. If ‘imspyware.exe’ attached itself to ‘LoveTheBaby.pic’ and you copied that to your jump drive THEN cleaned your computer, well, once you hook that jump drive up again and copy over the baby picture again you’ve just infected yourself all over again. So be safe, do backups if worried, just be sure they get a good cleaning as well.
  4. Rushing the job
    1. Whenever someone brings me a computer to work on and it’s spyware related, you’re usually (depending on workload) looking at 24-48 hours in service time. It’s not because I am sitting there for 24 hours constantly doing stuff. The biggest mistake an average user makes is running a single scan, hitting “remove all”, then booting normally with a false sense of security. I will on average run at least 3 scans to make sure the spyware is gone (rebooting after each scan and removal). I’ve had some where I’ve had to run as many as 5 scans just to remove one ‘High Risk’ spyware because it was extremely sneaky. So don’t get in a rush. Be sure to set aside the time (and patience) to make sure you got everything before booting normally.
  5. Out-of-Date
    1. Before you go into Safe Mode and begin your war on spyware, be sure to update all your spyware removal programs. Load any software you may have and make sure it has the latest definitions. If you got the latest spyware that came out last week but you haven’t updated for months, your scanner is going to be far less effective.
  Now that we’ve gone over some common mistakes that are made during spyware removal, I’m going to give you a list of tips I’ve learned and some recommended free software to help you along. Some of these tips will be duplicates of the “mistakes” part, but it’s always good to touch again on good points.
  1. Set your computer to always boot into Safe Mode until you’re done.
    1. As mentioned in the “Mistakes” section, most of your work should be done in Safe Mode to ensure proper removal, but you don’t want to hit ‘F8’ every time on boot-up to get to it (because remember, we are Spyware Warriors, we will run more than just 1 scan). So a way to set your computer to always boot to Safe Mode is by editing the boot process. Here’s how!
      1. Click ‘Start’
      2. Type in ‘msconfig’ and hit Enter (if using Windows XP, first hit ‘Run’, then type ‘msconfig’ and hit Enter)
      3. In the new window that pops up, select the ‘Boot’ tab
      4. In the ‘Boot’ tab near the bottom left, check the ‘Safe Boot’ option and be sure ‘Minimal’ is selected as well.
  2. Get some weapons (software) to help you in your battle. Here are a few that, to me, are must-haves for every service. These are free programs so you can get full function cleaning.
    1. Malwarebytes (For the scanning and removal)
    2. Microsoft Security Essentials (For future protection)
    3. CCleaner (To get rid of junk files/cookies/etc)
    4. UPDATE: Once everything is installed be sure to update their definitions! We can’t fight cannons with sticks. Be sure to get the latest files.
  3. Shut off ‘System Restore’ (Windows 7)
    1. Right click on ‘Computer’ and select ‘Properties’
    2. Select ‘Advanced System Settings’
    3. Click on the ‘System Protection’ tab at the top
    4. Click on ‘Configure’
    5. Select ‘Turn off system protection’, click on ‘DELETE’ as well to remove all current restore points, which could possibly be infected, then hit “Apply”.
  4. Now the next few steps may seem repetitive but it’s a huge part of spyware removal.
    1. Reboot to Safe Mode / Scan computer / Remove Files
    2. Reboot to Safe Mode / Scan computer / Remove Files
    3. Reboot to Safe Mode / Scan computer / Remove Files
    4. Reboot to Safe Mode / Scan computer / Remove Files
    5. Rinse and repeat until NOTHING shows up on scans anymore.
  5. Give it one final scan
    1. Once it seems I have removed everything and scans are clean, I like to reboot and do just one more scan. This scan is not because I don’t trust myself, but I like to use this time for optimization. Go ahead and run CCleaner and remove junk files. Run a defrag on your computer. Go back into ‘msconfig’, click the ‘Startup’ tab and uncheck stuff that you don’t want loading every single time you start your computer (little tip to help speed up the system). It’s always better safe than sorry, so once everything looks good just run one last scan for good measure, but mainly use that time to ‘tweak’ your system a bit. Go ahead and remove old programs you don’t need anymore and run other tasks.
  6. Repeat #1 & #3
    1. Now that everything is spic & span, be sure to go back to steps #1 and #3 and reverse what you did. Just UN-check ‘Safe Boot’ and hit ‘OK’ for #1, turn System Restore back on for #3, then reboot your system back into ‘Normal’ Windows mode and pat yourself on the back for a job well done!
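
  The Safe Boot and System Restore steps above, and their reversal at the end, can also be driven and checked from the command line. This is an added example, not part of the original article; the function names and the C:\ drive default are assumptions, and it needs an elevated Windows PowerShell prompt on Windows 7 or later.

```powershell
# Added example (not from the article). Uses Windows PowerShell cmdlets and bcdedit.
# Function names and the C:\ default are assumptions made for this sketch.

function Get-CleanupState {
    # bcdedit lists a 'safeboot' element on the current boot entry only while
    # the msconfig 'Safe Boot' box is ticked.
    $entry = (bcdedit /enum '{current}') -join "`n"
    [pscustomobject]@{
        # SAFEBOOT_OPTION (MINIMAL or NETWORK) exists only when running in Safe Mode.
        RunningInSafeMode = [bool]$env:SAFEBOOT_OPTION
        SafeBootFlagSet   = [bool]($entry -match '(?m)^safeboot\s')
    }
}

function Enter-CleanupMode {
    param([string]$Drive = 'C:\')
    # Turn System Restore off for the drive. Existing restore points are still
    # removed with the 'Delete' button described in the article.
    Disable-ComputerRestore -Drive $Drive
    # Same setting as 'Safe Boot' + 'Minimal' on the msconfig 'Boot' tab.
    bcdedit /set '{current}' safeboot minimal | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this prompt elevated?' }
    Get-CleanupState
}

function Exit-CleanupMode {
    param([string]$Drive = 'C:\')
    # Clear the flag so the next reboot returns to normal Windows.
    if ((Get-CleanupState).SafeBootFlagSet) {
        bcdedit /deletevalue '{current}' safeboot | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'bcdedit could not clear the safeboot flag.' }
    }
    try {
        Enable-ComputerRestore -Drive $Drive -ErrorAction Stop
    } catch {
        # Assumption: System Restore may not be configurable from Safe Mode.
        Write-Warning 'Re-run Enable-ComputerRestore after rebooting into normal Windows.'
    }
    Get-CleanupState
}
```

  Run `Enter-CleanupMode` once before the first scan and `Exit-CleanupMode` after the last clean scan; `Get-CleanupState` between reboots confirms the machine really is in Safe Mode before you scan.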
  Additional Resources: CCleaner Download, Malwarebytes Malware Removal Tool Download, Microsoft Security Essentials Download